Architecture to get more security, privacy info

By David Perera

Nov 10, 2004

A second, more detailed, document on security and privacy requirements of the federal enterprise architecture will be released by the CIO Council by next April, said Sallie McDonald, the Homeland Security Department's director of strategic partnerships.

The new document, which will supplement the privacy and security overlay released by the CIO Council this fall, will include more detailed security and privacy guidelines, she said. Overlays are policy documents that affect all five of the federal enterprise architecture's data reference models.

The added detail of the second overlay document includes federal privacy, security methodology and a common set of concept definitions, McDonald said, who spoke Nov. 10 at the GCN Enterprise Architecture conference in Washington, D.C.

The document will work with existing rules and regulations, she added.

"It's not our intention to develop anything new and burden people who are already overburdened with anything new," as far as requirements, she said.

An ad hoc subcommittee of the Architecture and Infrastructure Committee, which is part of the CIO Council, is developing the second document, said John Gilligan, AIC co-chairman. Contract support is being supplied by Booz, Allen Hamilton and Mitre, he said. Gilligan also spoke that the conference.

The first overlay document just "basically showed how privacy and security should be addressed" in the five reference models of the federal enterprise architecture, he said.

The second document will detail "how to drill down and to begin to provide tools for the practitioners of security and privacy," he said. A third security and privacy overlay might be developed as well, he added. "We may need one more, but we're going to get a sense from the agencies, they'll give us the feedback," he said.